Debian NAS

debian.sh

#!/bin/sh

# Files
mkdir /files && chmod -R 777 /files
mkdir /files/docker
mkdir /files/www
mkdir /files/photos
mkdir /files/videos
mkdir /files/music
mkdir /files/documents
mkdir /files/downloads

apt -y update
apt -y install vim git curl wget unzip software-properties-common apt-transport-https ufw ca-certificates gnupg2 gpg wireguard-tools aria2 nginx

# 添加免密登陆公钥，authorized_keys 改为自己的公钥地址
mkdir ~/.ssh
mkdir /root/.ssh
cd ~/.ssh
# wget https://name.com/authorized_keys
# chmod -R 600 ~/.ssh/authorized_keys
# cp /root/.ssh/authorized_keys /root/.ssh/authorized_keys
# chmod -R 600 /root/.ssh/authorized_keys

# webmin
wget -q http://www.webmin.com/jcameron-key.asc -O- | apt-key add -
add-apt-repository "deb [arch=amd64] http://download.webmin.com/download/repository sarge contrib"

#docker
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"

# Zerotier
curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && \
if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi

# 安装
apt -y update
apt -y install webmin docker-ce samba

# ufw
ufw allow from 192.168.1.0/24
ufw allow 6022
ufw allow 6443
ufw allow 443/tcp
ufw allow 80/tcp
ufw deny out 25
ufw deny out 110
ufw deny out 143
ufw deny out 465
ufw deny out 587
ufw deny out 993
ufw deny out 995
systemctl enable ufw
systemctl start ufw

# Docker
systemctl enable docker
systemctl start docker

# Watch­tower 自动更新 Docker
docker run -d \
--name watchtower \
--restart unless-stopped \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower -c

# Docker UI，端口 10990
mkdir -p /files/docker/portainer
docker pull portainer/portainer
docker run -d -p 10990:9000 --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /files/docker/portainer/portainer_data:/data --name dockerui portainer/portainer

# nginx UI
systemctl enable nginx
systemctl restart nginx
docker pull schenkd/nginx-ui
docker run -d -p 8080:8080 --restart=always -v /etc/nginx:/etc/nginx --name nginxui schenkd/nginx-ui

# Birwarden
#mkdir /files/docker/vaultwarden
#docker pull vaultwarden/server
#docker run -d --name vaultwarden -v /files/docker/vaultwarden:/data/ -p 10081:80 -p 10082:3012 vaultwarden/server:latest

# DDNS-GO 端口 9876
mkdir /files/docker/ddns-go
docker pull jeessy/ddns-go
docker run -d --name ddns-go --restart=always --net=host -v /files/docker/ddns-go:/root jeessy/ddns-go

# WebDAV
mkdir -p /files/docker/webdav
cd /files/docker/webdav
wget https://gist.githubusercontent.com/sanfang0766/d56a476e9cab19179f5339106ab9624b/raw/08dcc19661d4efb30c6bf3daf7488c76210a146d/webdav.config.yml
docker pull hacdias/webdav
docker run --restart always --name=webdav -itd \
    -v /files:/files \
    -v /files/docker/webdav/webdav.config.yml:/opt/webdav.config.yml \
    -p 6080:6080 \
    hacdias/webdav --config /opt/webdav.config.yml

# Aria2 Pro
#mkdir -p /files/docker/aria2
#docker pull p3terx/aria2-pro


# Jellyfin 影音库
# mkdir /files/docker/jellyfin
# docker pull jellyfin/jellyfin

# 自动签到面板
# mkdir /files/docker/qiandao
# docker pull a76yyyy/qiandao

webdav.config.yml

# Server related settings
address: 0.0.0.0
port: 6080
auth: true
tls: false
# cert: /var/www/.ssl/fullchain.cer
# key: /var/www/.ssl/domain.key
prefix: /

# Default user settings (will be merged)
scope: .
modify: true
rules: []

# CORS configuration
cors:
  enabled: false
  credentials: false

# 密码修改为自己的！
users:
  - username: root
    password: "{bcrypt}$2a$12$F3WjS/ToJEdCJkDeQoVNIezsk4bWkMmPtbYOszAkLfDflEqXzGoIO"
    scope: /files